CVE-2008-1372

Published Mar 18, 2008

Last updated 6 years ago

Overview

Description: bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119

Vendor comments

Red HatRed Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior: http://rhn.redhat.com/errata/RHSA-2008-0893.html

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3852E705-516A-4A5E-8095-93DCF8DB15DB"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D54DD36D-7A6C-4649-855A-D81F29FFB6C9"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FE3BFE7-75B6-4284-9EDC-78D452CD9174"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3992967-645A-45E1-979E-6866B50AA642"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "980AE5B2-11A7-4672-B221-DF660F20667F"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DC33019-390A-428F-B119-139CA5949AE4"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E55F00B1-D48B-40A6-872F-959598D7E6E4"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E"
          },
          {
            "criteria": "cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C02B0664-E473-4131-8228-96BB5FBC4F7F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References